Happy Mother's Day, Mother Earth!

On Earth day, many of us think of “Mother Earth” and the endless amount of sustenance she yields to all humans, and like any mother’s day, remember to thank her and resolve to care for her better. Inevitably, it is the subject of our waste that becomes a main topic. It is what we can control, and one of the small ways where we can actually give something back to this generous creation.

E-waste is relatively new, as we settle into our digital age. As electronic items grow in amount per person, so does their lifespan shrink. All of these used items are going somewhere and according to the Carnegie Mellon University it is predicted there are about 70 million computers in our landfills. There are mice, keyboards, CRT monitors, and so on. As these items are incinerated they degas dioxins which cause cancer. As this e-waste sits in the landfill, the rain passes through the parts, melding to the toxins before seeping into the ground to mix with the groundwater.

But, we are no longer the stubborn teenagers of mama Earth. Today, there have been incredible initiatives that most people use to save their tax dollars and promote their society, simultaneously helping the Earth. For instance, batteries used to leak harmful amounts of toxic metals into the ground. Energizer lead an initiative to improve the battery capsule and now most can be safely thrown away. Mobile phones are being recycled very successfully, with phones for soldiers programs and other companies collecting the parts to reclaim parts. Mice, monitors, and keyboards are still a problem, but computers are more often than not being donated for use. Recyclers recover more than 100 million pounds of materials from electronics each year. Our government grants tax returns on donations of computers to non-profits and school systems.

Because the network is a prime route for attacks on vulnerable systems, minimising connectivity with other systems makes it easier to protect XP machines. Consequently, disconnecting XP devices entirely from the network is the best option.

But if access to specific applications is what's delaying a migration away from XP, MacDonald suggests a kiosk model, with users going to a centrally located departmental machine.

If you can't disconnect XP systems completely, the next step would be to block internet connections and limit communications to specific internal systems through a network- or host-based firewall.

Even with restricted internal access, isolate XP devices from other endpoint systems using virtual LANs or firewalls.

Step 2: Restrict apps

Lock down XP machines so they can't execute arbitrary code. This measure can be achieved through dedicated software, a host-based intrusion-prevention system, or Microsoft's Group Policy object (GPO)-based software restriction policies.

MacDonald says with the end of XP support, it's essential to allow only known-good apps to run.

A mandatory measure for all users remaining on XP machines to cut risk because 90 percent of malware runs in the context of the logged-in user.

Step 4: Bar browsing and email

Since most attacks come via email and the web, it makes sense to eliminate these vectors on XP devices. An up-to-date server-based system can instead provide these capabilities — for example, a remote desktop service or hosted virtual desktop server.

Step 5: Update software

XP may be out of support but other software running on the machines may not be and should be kept updated to minimise weaknesses.

It's important that antivirus, firewalls, software distribution clients, and browsers should be up to date, along with Java, Adobe, Office and other common infrastructure apps.

Step 6: Disable ports and drives

By disabling USB ports and CD and DVD drives, you are removing another route for the introduction of arbitrary executable code.

A network or host-based intrusion-protection system can help protect XP machines. It's worth confirming with your network or host-based supplier that it will continue to research XP vulnerabilities and attacks, and provide filters and rules to block such attacks.

Step 8: Monitor XP, Microsoft and threats

As well as monitoring XP systems for signs of compromise, organisations still running the OS should keep a close eye on Microsoft.

Although the company won't disclose new vulnerabilities against XP to those who haven't paid for Custom Support, it may release information about critical vulnerabilities to, say, Windows Server 2003, which could affect XP.

It's also worth checking community chat boards and threat intelligence feeds, as independent sources of information.

Step 9: Plan for an XP breach

Those still running XP systems need to have a plan for isolating the machines in question in the event of an attack, as well as ways to restore them to a known-good state.

It's also important to understand the cause of the problem to prevent a recurrence, and to have a backup plan to move users to supported systems rapidly in a catastrophe.

Step 10: Study costs

A cost-benefit analysis could show whether the measures involved in staying with XP temporarily might actually end up outstripping a more rapid migration.